Application Security Engineer (Pentesting & DevSecOps)

A market-leading fintech platform helping businesses in Emerging Markets transfer money, backed by Y-Combinator, Quona, and MEVP.
$NaN
Security
Mid-Level Software Engineer
In-Person
3+ years of experience
Finance · Enterprise SaaS

Description For Application Security Engineer (Pentesting & DevSecOps)

Verto is a transformative fintech platform that's revolutionizing how businesses transfer money in and out of Emerging Markets. Initially starting as an FX solution for Nigerian Naira trading, we've evolved into a comprehensive platform processing billions of dollars in payments annually. We're backed by prestigious investors and have been recognized as 'Fintech Start Up of the Year' at Fintech Awards London 2022.

We're seeking an Application Security Engineer to strengthen our security posture through penetration testing and DevSecOps practices. This role combines hands-on security testing with strategic security automation initiatives. You'll be responsible for conducting thorough security assessments across our web, API, and mobile applications while implementing robust security measures in our development pipeline.

The ideal candidate will bring strong expertise in security testing tools, secure code review practices, and cloud security, particularly in AWS environments. You'll work closely with development teams to embed security-first practices, automate security testing, and maintain strong defensive postures against emerging threats.

Key initiatives include reducing critical vulnerabilities, implementing security automation in CI/CD pipelines, strengthening AWS cloud security, and building a security-aware engineering culture. You'll have the opportunity to make a significant impact on our security infrastructure while working with cutting-edge technologies in a fast-paced fintech environment.

Join us in our mission to create equal access to payment and liquidity solutions for emerging markets while ensuring the highest standards of security for our platform and customers.

Last updated 15 days ago

Responsibilities For Application Security Engineer (Pentesting & DevSecOps)

  • Perform in-depth penetration testing for Web, API, and Mobile applications
  • Conduct secure code reviews and provide remediation guidance
  • Automate security testing within CI/CD pipelines
  • Develop and implement security best practices
  • Monitor cloud security configurations
  • Create and maintain security playbooks for incident response
  • Stay ahead of emerging threats
  • Drive security awareness across engineering teams

Requirements For Application Security Engineer (Pentesting & DevSecOps)

Python
Node.js
  • Proven experience in penetration testing for Web, API, and Mobile (iOS & Android) applications
  • Strong expertise in security testing tools like Burp Suite, OWASP ZAP, and Python scripting
  • Hands-on experience in secure code reviews and remediation guidance
  • Solid understanding of OWASP Top 10, SANS 25, and other security frameworks
  • Experience integrating security tools into CI/CD pipelines
  • Cloud security expertise, particularly in AWS
  • Familiarity with Agile and DevOps methodologies
  • Strong problem-solving and collaboration skills
  • Relevant certifications (OSCP, CISSP, CEH, AWS Security Specialty, Certified DevSecOps Engineer) are a plus

Interested in this job?

Jobs Related To Verto Application Security Engineer (Pentesting & DevSecOps)

Product Manager, Secret Manager

Lead product strategy and development for Google Cloud's Secret Manager, focusing on security, compliance, and user experience in cloud-based secret management solutions.

Program Manager II, Trust and Safety, Global Affairs

Lead strategic trust and safety initiatives at Google as a Program Manager II, managing cross-functional projects to protect users across Google's global products.

Product Manager, Privacy Sandbox, Aggregation Service

Product Manager position at Google focusing on Privacy Sandbox and Aggregation Service, developing privacy-preserving technologies for web and Android platforms.

Regional Operations Manager, Trust and Safety, Compute

Lead Trust & Safety operations for Google's Compute division, managing policy implementation and developer relations while ensuring platform security.

Product Manager I, Privacy Sandbox, Measurement and Optimization

Product Manager role at Google focusing on Privacy Sandbox initiative, developing privacy-preserving measurement and optimization solutions for digital advertising.